DNS

Dnsmap is a subdomain brute-forcing program. It has a built-in wordlist, which makes it easier than ever to use. If you have your own list of subdomains, you can use that instead. Dnsmap is meant to be used by responsible pentesters during the information gathering/enumeration phase of infrastructure security assessments. Only use this tool on domain names you have permission to use it on (such as your own, or ones belonging to the person who is paying you).

If you are a systems administrator, there will probably be a time when you need to change a user's IP address, gateway, subnet mask, or DNS servers without actually logging into their computer. This method requires no end-user interaction and is designed to work in a domain environment. We will be using two tools in this example: Netsh and PsExec (part of PsTools).

Download PsTools and extract it to C:\pstools on your system. Then open a command prompt and change to that directory:

cd C:\pstools

PsExec is a lightweight telnet replacement that lets you execute processes on remote systems. You can use IP addresses or hostnames with PsExec. To launch an interactive command prompt on a remote computer, run the following command (you should run these commands as a domain admin):

DNS Performance Test is a great cross-platform utility for testing DNS servers. To begin, head over to their homepage and select the appropriate download. In my examples, I will be using Ubuntu 10.10 64 bit, so make the necessary adjustments.

Extract the contents of the zip file. (You may have to make the program executable: right-click on “Dpt-Linux”, choose Properties, select the “Permissions” tab, and check “Allow executing file as a program”.)

Set your primary DNS server to whatever you want to test. For my example, I will set mine to 4.2.2.1.

Open Dpt-Linux and hit Start. The program randomizes a 10,000-entry list of domain names and queries each one against your selected DNS server. Once it finishes, look at the “Stats” tab. You will see useful statistics such as best, worst, and average query times, along with the number of timeouts and successful queries. If you want to compare these results to another DNS server, the main figure to look at is the “Average Query Time”. Run the test again, but this time change your primary DNS server to the one provided by your ISP. Whichever server has the lowest average query time is the preferable one.
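To make the measurement the tool performs concrete, here is an added example (my own code, not part of DNS Performance Test or this page) that does the same thing in Python: it builds a raw DNS A-record query, times the round trip to a resolver over UDP, counts timeouts, and reduces the results to best/worst/average query time so two resolvers can be compared on their average. The resolver addresses, the short domain list, and the 2-second timeout are assumptions for illustration; `summarize` and `fastest` work on a list of measured times and can be exercised offline.

```python
"""Time DNS queries against a resolver and summarize best/worst/average.

Added example: a minimal re-implementation of what a resolver benchmark does,
not the code of DNS Performance Test. Uses only the standard library.
"""
import random
import socket
import struct
import time

# Constructed sample inputs (assumptions for the example, not from the page).
SAMPLE_DOMAINS = ["example.com", "example.net", "example.org"]
RESOLVERS = {"candidate": "4.2.2.1", "isp": "192.0.2.53"}  # 192.0.2.0/24 is a documentation range


def build_query(name, txid):
    """Return a wire-format DNS query for an A record, recursion desired."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def time_query(server, name, timeout=2.0):
    """Send one query over UDP and return the round trip in ms, or None on timeout."""
    txid = random.randrange(65536)
    packet = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        sock.sendto(packet, (server, 53))
        try:
            while True:
                data, _ = sock.recvfrom(512)
                # Only accept the reply whose transaction ID matches our query.
                if len(data) >= 2 and struct.unpack(">H", data[:2])[0] == txid:
                    return (time.perf_counter() - start) * 1000.0
        except socket.timeout:
            return None


def summarize(times):
    """Reduce a list of query times (None = timeout) to the stats the tool reports."""
    ok = [t for t in times if t is not None]
    return {
        "successful": len(ok),
        "timeouts": len(times) - len(ok),
        "best_ms": min(ok) if ok else None,
        "worst_ms": max(ok) if ok else None,
        "average_ms": sum(ok) / len(ok) if ok else None,
    }


def run_test(server, domains, timeout=2.0):
    """Query every domain in random order against one resolver and summarize."""
    order = list(domains)
    random.shuffle(order)
    return summarize([time_query(server, d, timeout) for d in order])


def fastest(stats_by_server):
    """Pick the resolver with the lowest average query time; ignore all-timeout runs."""
    usable = {k: v for k, v in stats_by_server.items() if v["average_ms"] is not None}
    if not usable:
        return None
    return min(usable, key=lambda k: usable[k]["average_ms"])


if __name__ == "__main__":
    results = {name: run_test(addr, SAMPLE_DOMAINS) for name, addr in RESOLVERS.items()}
    for name, stats in results.items():
        print(name, stats)
    print("preferable resolver:", fastest(results))
```

As with the GUI tool, the comparison is only meaningful when both runs use the same domain list and the results are not skewed by a resolver's cache; a repeated run that is much faster than the first is showing cached answers, not resolver speed.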